Fix integer overflow in NewFixedDoubleArray am: 0809cf96aa

Original change: undetermined Change-Id: I69c32297a80a0c258f707a62a5e04acf1acf090c
author: Rubin Xu <rubinxu@google.com> 2020-06-02 04:52:33 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2020-06-02 04:52:33 +0000
commit: 0100d69c5c26173eec1bd1bea394c8305f3a3d0b (patch)
tree: 46d75021e9cb0c5e1b54b886d1045a6cb94c95a2
parent: c26488a0d70a94752be50d769a27d56f96157b74 (diff)
parent: 0809cf96aa0a547150173bd0cb06452dce878d61 (diff)
download: v8-0100d69c5c26173eec1bd1bea394c8305f3a3d0b.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/heap/factory.cc b/src/heap/factory.cc
index c8528f9f..2ac0d990 100644
--- a/src/heap/factory.cc
+++ b/src/heap/factory.cc
@@ -469,7 +469,7 @@ Handle<FixedArrayBase> Factory::NewFixedDoubleArray(int length,
                                                     PretenureFlag pretenure) {
   DCHECK_LE(0, length);
   if (length == 0) return empty_fixed_array();
-  if (length > FixedDoubleArray::kMaxLength) {
+  if (length < 0 || length > FixedDoubleArray::kMaxLength) {
     isolate()->heap()->FatalProcessOutOfMemory("invalid array length");
   }
   int size = FixedDoubleArray::SizeFor(length);
author	Rubin Xu <rubinxu@google.com>	2020-06-02 04:52:33 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2020-06-02 04:52:33 +0000
commit	0100d69c5c26173eec1bd1bea394c8305f3a3d0b (patch)
tree	46d75021e9cb0c5e1b54b886d1045a6cb94c95a2
parent	c26488a0d70a94752be50d769a27d56f96157b74 (diff)
parent	0809cf96aa0a547150173bd0cb06452dce878d61 (diff)
download	v8-0100d69c5c26173eec1bd1bea394c8305f3a3d0b.tar.gz